Ninety-one percent of targeted attacks start with a spear-phishing email, according to newly released research by Trend Micro.

Spear-phishing emails contain a malicious attachment exploiting a Microsoft Office vulnerability (CVE-2012-0158). These emails are part of the operations of an emerging and active targeted threat called the Safe campaign, which is documented in the research paper by Trend Micro. They encourage the recipient to open the harmful attachment by attracting him with contextually relevant content.

From a threat perspective, Trend Micro has identified five key target organisations, including government ministries, technology companies, media outlets, academic research institutions and non-governmental agencies.

Threats are not new, and IT departments have already seen various kinds of advanced persistent threats (APTs) or malware-based espionage attacks that have been around for years. Recent years have seen “noisier” campaigns within the security community, which is now learning to combat the new and smaller campaigns that are emerging.

Trend Micro has not determined the total number of victims in the campaign, but apparently about 12,000 unique IP addresses spread over more than 100 countries were connected to two sets of command-and-control (C&C) infrastructure related to this threat, and the average number of actual victims was counted at 71 per day.

Defence strategy

As this threat identified by Trend Micro has the potential to affect people all across the world, enterprises should focus on detecting and mitigating attacks and leverage the core components of a defence strategy as presented by the report.

Businesses can use logs from endpoint, server, and network monitoring to gain a view of the activities within an organisation.
This information can be processed for anomalous behaviours, which can eventually indicate a targeted attack. Integrity checks should be performed, as malware will make modifications to the file system and registry in order to maintain persistence. Enterprises should also empower human analysts and leverage the technologies available today to gain visibility, insight, and control over networks to defend against targeted threats.

Once an attack is identified, the cleanup strategy should focus on determining the attack vector and cutting off communications with the command-and-control (C&C) server. The IT department should then also determine the scope of the compromise and assess the damage by analysing the data and forensic artifacts available on compromised machines.